While designing your cloud infrastructure using Amazon VPC, it is best practice to place your applications such as webserver in Public subnet and database in Private subnet. Instances in Public subnet will have internet access while instances in Private subnet don’t.
In this tutorial, we will learn how to create a AWS custom VPC with Private and Public subnets.
VPS details:
VPC Name: MyVPC
CIDR : 10.0.0.0/16
Public Subnet: 10.0.1.0/24
Private Subnet: 10.0.2.0/24
1. Create VPC
Login to AWS management console and navigate to the VPC console. Select “Your VPCs” from sidebar and click on “Create VPC”
Note: There will be a VPC created by default, DO NOT delete it or make any changes to it
Enter VPC CIDR details as belowName tag: MyVPC
IPv4 CIDR block* : 10.0.0.0/16
Leave the remaining settings as it is and click “Yes, Create” button. Note that, upon creation of “MyVPC”, it will automatically create a default “Route table” and a “Network ACL” for “MyVPC”.
2. Create Public Subnet
Make sure to select “MyVPC” under “VPC” drop down menu and enter 10.0.1.0/24 in “IPv4 CIDR block” for public subnet.
3. Create Private Subnet
Now create Private subnet with CIDR 10.0.2.0/24
4. Create and Attach “Internet Gateway”
Create and Attach “Internet Gateway” to our newly created VPC “MyVPC”
Note: There will be a default Internet Gateway, DO NOT detach/delete it.
Once created, it will be in “detached” status. We need to attach it to “MyVPC”
Now “MyIG” status will turn into “attached”
5. Add a route to Public Subnet
In order to make the instances created in Public subnet internet accessible, we will create a new “Route table”, that will establish connection between Public subnet and Internet Gateway.
Note: It is not recommended to modify “main” route table that was created by default when “MyVPC” was lanched.
Create a new Route table with name “PublicRT”
Select “PublicRT”, click on “Routes” tab and “edit”.
Add “0.0.0.0/0” as “Destination” and click on next box, it should list the “Internet Gateway” that we created before, select it and click on “Save”.
Associate this “PublicRT” with Public subnet “PublicNet”
Select “PublicNet” and click “Save”
That’s it!!
Now you’ll now be able to connect to internet from instances that are launched via Public subnet.
Note: Make sure that you have enabled “Public IP” or attached Elastic IP to the instance in public subnet.
